2010/10/18 Hetz Ben Hamo :
> * What would you recommend as a good firewall (please, only the ones who are
> being updated and have docs. ipcop for example has old documents and you
> really need to "hunt" for some good instructions. Smoothwall is old [2007]
> and it's not being updated at all)
How
On Sunday, 17 October 2010 19:55:43 Hetz Ben Hamo wrote:
> * What would you recommend as a good firewall
1. In most cases, the firewall is really Linux kernel netfilter (iptables)
> (please, only the ones who are being updated and have docs. ipcop for
> example has old documents and you really n
Where are you pinging from? Be aware that locally-generated packets
(e.g. pinging from the firewall) don't pass the NAT tables.
Erez D wrote:
but tcpdump both on ppp0 and on remote bbb.bbb.bbb.bbb gives:
10:35:27.564611 IP 192.168.0.254.5070 > bbb.bbb.bbb.bbb.5060: UDP, length 489
so snat i
Look for FreeSco (www.freesco.org , I think)
It runs from a floppy disk, but it doesn't look like putting it on a
bootable flash disk will be an issue.
It will run on any box (well, maybe 486 and up...) with 2 NICs and 8
megs of memory...
Maybe an old laptop with 2 NICs (PCMCIA)? Probably a lot c
Ben-Nes Michael wrote:
Hi All
I want to set up a firewall, and thought of running it from flash memory
on a small computer.
I thought of getting one of those:
http://h41100.www4.hp.com/il/eng/commercial/thinclients/entry.html
Does anyone have any knowledge about such a solution? Are there better
ha
The new Webmin release 1.000 has a firewall module designed for iptables (Webmin
is a very nice web administration utility for your Linux system).
I haven't checked it out myself but it might be what you are looking for :)
www.webmin.com
On Thursday 12 September 2002 08:09, Michael Sternberg wrote:
On Thu, 12 Sep 2002, Michael Sternberg wrote:
>
> Looks very nice (at least on screenshots :).
> Too bad it does not have Web interface..
Do you need a web interface, or a remote interface?
Connect with ssh, forward the VNC port, and connect with VNC. TightVNC
(http://tightvnc.sf.net/) has built-i
Oops, I meant KDE on your workstation ;)
Hetz
On Thursday 12 September 2002 15:20, Hetz Ben Hamo wrote:
> Tried Guard Dog?
>
> I heard few people who tested it and loved it a lot. You'll need KDE
> installed (only the basic stuff - qt, kdelibs,kdebase) in order to run it.
> RPMS are also availab
Quoth Hetz Ben Hamo:
> Tried Guard Dog?
As the greater extreme - tried hlfl (apt-get install hlfl) ;-)...
V. nice, works for all kinds of stuff...
--
---OFCNL
This is MY list. This list belongs to ME! I will flame anyone I want.
Official Flamer/Cabal NON-Leader
Looks very nice (at least on screenshots :).
Too bad it does not have Web interface..
On Thu, 12 Sep 2002 15:20:08 +0300
Hetz Ben Hamo <[EMAIL PROTECTED]> wrote:
> Tried Guard Dog?
>
> I heard few people who tested it and loved it a lot. You'll need KDE installed
> (only the basic stuff - qt
Tried Guard Dog?
I heard few people who tested it and loved it a lot. You'll need KDE installed
(only the basic stuff - qt, kdelibs,kdebase) in order to run it. RPMS are
also available, and it's quite easy to use.
http://www.simonzone.com/software/guarddog/ (RPMS, screenshot, handy manual)
H
> http://www.linuxguruz.org/iptables/ is a link page to *lots* of
Very useful indeed. Thanks. ;-)...
--
---OFCNL
This is MY list. This list belongs to ME! I will flame anyone I want.
Official Flamer/Cabal NON-Leader [EMAIL PROTECTED]
===
EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, September 12, 2002 12:26 PM
Subject: RE: Firewall Configurator
that means, putting all the eggs in one basket, is risky.
A lot of companies today think that if they have a firewall then they are
safe.
And it is indeed misleading to think
://members.lycos.co.uk/my2nis/spamwarning.html
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ben-Nes Michael
> Sent: Thursday, September 12, 2002 11:55 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Firewall Configurato
What do you mean by saying firewalls lower security?
That sounds like a paradox.
A chain with a weak link is better than nothing. (I suppose)
> remember, a chain is strong as its weakest link, and a firewall != security.
> In fact, a lot of people agree that firewalls actually lower security, but t
Don't waste your time with fw-builders. Just read the manual and use the sample there.
Iptables is better than past firewalls and is much simpler now.
If you just want to masquerade, then it's all there in the beginning chapters of the
manual.
If you need something else, I recommend reading all t
http://www.linuxguruz.org/iptables/ is a link page to *lots* of
iptables documents and scripts
On Thu, Sep 12, 2002 at 08:09:49AM +0300, Michael Sternberg wrote:
> I'm looking for a simple firewall (iptables based) Web configurator.
> It does not have to be extra smart - basic features will suffi
There is something called BiFrost (http://bifrost.heimdalls.com/)
but it's shareware, unfortunately. They want $100 per copy for
commercial purposes - and it's only a 1.5 Kb cgi Perl script...
I'm looking for open source and maybe for a much simpler
one - Web interface for open/close ports a
Quoth Michael Sternberg:
> I'm looking for a simple firewall (iptables based) Web configurator.
> It does not have to be extra smart - basic features will suffice..
> What do you recommend ?
Well, I have been arguing with iptables for a few days (replacing
my old firewall with a new Nazi one)...
On Wed, 2002-06-12 at 13:53, Yotam Rubin wrote:
> UCKER-MAG comes straight from the computing elite. It will provide all your
> "hacking" needs and perhaps slow you down enough to allow me to whip up
> some procmail magic. http://yotamr.dyndns.org/UCKER-MAG
> If you did not find the solution in
On Wed, Jun 12, 2002 at 02:09:54PM +0300, Shachar Shemesh wrote:
> "TH4 UBER KEWL JAN 1SSU3 1N Y00R F4C3"
>
> Tha???!!!
> Shouldn't it have been
> TH3 UB3R K3WL J4N 1SSU3 1N Y00R F4C3?
Err, scratch that. Yes. You're right.
=
To un
On Wed, Jun 12, 2002 at 02:09:54PM +0300, Shachar Shemesh wrote:
> "TH4 UBER KEWL JAN 1SSU3 1N Y00R F4C3"
>
> Tha???!!!
> Shouldn't it have been
> TH3 UB3R K3WL J4N 1SSU3 1N Y00R F4C3?
No. That particular issue was written over a year ago as an exercise.
Regards, Yotam Rubin
"TH4 UBER KEWL JAN 1SSU3 1N Y00R F4C3"
Tha???!!!
Shouldn't it have been
TH3 UB3R K3WL J4N 1SSU3 1N Y00R F4C3?
Yotam Rubin wrote:
>On Wed, Jun 12, 2002 at 10:09:11AM +0200, Ben-Nes Michael wrote:
>
>
>>Hi All
>>
>>I just finished configuring my first firewall server with many goods inside
>>:
On Wed, Jun 12, 2002 at 10:09:11AM +0200, Ben-Nes Michael wrote:
> Hi All
>
> I just finished configuring my first firewall server with many goods inside
> :) and I'm looking for a way to hack in for testing purposes.
Without causing a flamewar: s/hack/crack/
>
> All the scanners I tested against it
On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
> > http://monmotha.mplug.org/firewall/index.php
>
> I'll have a look. Though this seems to lack the "start" and "stop" commands
> of a standard sysv-init script.
just my 0.02 Euro, but my script may be able to serve you if you prefer
a simple script over
On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
> On Tue, 1 Jan 2002, mulix wrote:
>
> > On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
> >
> > > I want to convert my firewall from kernel 2.2 to kernel 2.4 . I believe
> > > that 2.4 is by now stable enough.
> >
> > make sure to go straight to 2.4.17. pretty m
On Tue, 1 Jan 2002, mulix wrote:
> On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
>
> > I want to convert my firewall from kernel 2.2 to kernel 2.4 . I believe
> > that 2.4 is by now stable enough.
>
> make sure to go straight to 2.4.17. pretty much every other version had
> known problems.
Which mean
On Tue, 1 Jan 2002, mulix wrote:
> On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
>
> > I want to convert my firewall from kernel 2.2 to kernel 2.4 . I believe
> > that 2.4 is by now stable enough.
>
> make sure to go straight to 2.4.17. pretty much every other version had
> known problems.
[replying
On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
> I want to convert my firewall from kernel 2.2 to kernel 2.4 . I believe
> that 2.4 is by now stable enough.
make sure to go straight to 2.4.17. pretty much every other version had
known problems.
> My main limitation with this system is that I would li
You may want to try Monmotha:
http://t245.dyndns.org/~monmotha/firewall/index.php
or firewall builder:
http://www.fwbuilder.org/
If none fits, you can find a comprehensive list of scripts here:
http://www.linuxguruz.org/iptables/
Enjoy!
* - * - *
Tzahi Fadida
[EMAIL PROTECTED]
Fax (+1 Outside the
Hello,
Port attack? What exactly are you referring to, portscans?
Portsentry can deny on the fly hosts which portscan you. I am generally
inclined not to use portsentry, as port scans can easily be spoofed and
thus making a DoS attack against your host very very feasible.
Additional arg
I never used either PMFirewall or Mason, but I have ADSL (W/pptp
tunnel), NAT over that and a kernel 2.4.2/iptables (was not too long ago
2.2.x/ipchains) filter to block off some services from the
wild wild net..
What exactly are you trying to do and what's the problem?
--
Miki Shapiro
Aladdin
Hi!
Solomon,
I have successfully installed a package called fwctrl. It uses simple
config files in /etc/fwctrl, starts up once the ppp interface is up, and
configures the ipchains, including ip masq. Give it a try.
I could send you my config files (take into account that I run my local
net on the
[EMAIL PROTECTED] wrote:
> Yes, I also got IP masquerading working with pmfirewall (pmfirewall
> masqstart), but if I run **pmfirewall start** to use it as an actual firewall,
> everything is locked out. I can't even PING through the firewall.
Please send the output of "ipchains -L -n" and s
Yes, I also got IP masquerading working with pmfirewall (pmfirewall
masqstart), but if I run **pmfirewall start** to use it as an actual firewall,
everything is locked out. I can't even PING through the firewall.
On 26-Nov-2000 Dani Arbel wrote:
> Hi!
> What exactly are you trying to do with the
Hi!
What exactly are you trying to do with the FW ?
I did manage to run IP masquerading (which is a partial fw functionality).
Dani
On Sat, 25 Nov 2000 [EMAIL PROTECTED] wrote:
> Hi,
>
> Does anyone have any experience running pmfirewall (or anything similar) under
> the ADSL experiment. I guess
On Thu, Oct 19, 2000, Shachar Shemesh wrote about "Re: firewall":
> Ahem Ahem
>
> Actually, I did not ask for the "Reply-To:" field. I asked that people doing
> the actual reply not reply to both me and the list.
But they'll never do that, and I expl
Nadav Har'El wrote:
> > A possible attack is then to open as many connections as you can in a
> > short time to force that connection table to fill up. This is not (any
> > more) an academic discussion - SYN attacks, which are basically based
> > on the same principle (but happening at the bastio
matter.
Nadav - sorry, but so far you are the only voice in favour of the "reply-to"
field.
Nothing personal.
Shachar
- Original Message -
From: "Aviram Jenik" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 19, 2000
On Thu, Oct 19, 2000, Aviram Jenik wrote about "Re: firewall":
> >
> > Due to all that hassle, and the extremely "under cover" approach that both
> > Yosi and Eli have taken about the misdirected email, I vote the
> > "reply-to:" field be
>
> Due to all that hassle, and the extremely "under cover" approach that both
> Yosi and Eli have taken about the misdirected email, I vote the
> "reply-to:" field be removed from the headers.
>
I second that. Please correct me if I'm wrong, but I believe Shachar was the
only one that asked for th
On Thu, Oct 19, 2000, Gilad Ben-Yossef wrote about "Re: firewall":
> One thing not commonly mentioned in regard to "stateful inspection" is
> the risk it *introduces* to your setting.
> Consider the following obvious fact: for stateful inspection the
> firewall i
Nadav Har'El wrote:
>
> On Thu, Oct 19, 2000, Shachar Shemesh wrote about "Re: firewall":
> > Duplicating exactly the FW-1 functionality in an opensource project is not
> > practical, due to a patent on stateful inspection. This gives the FW-1 product
> >
This brings us back to the other flame war. The one about whether the
mailing list should automatically add the "reply-to:" field to the list.
I feel a bit guilty about this. It all started by me asking why I should
get every mail twice (people hitting "reply-to all"). The results were, on
one han
On Thu, Oct 19, 2000, Shachar Shemesh wrote about "Re: firewall":
> Duplicating exactly the FW-1 functionality in an opensource project is not
> practical, due to a patent on stateful inspection. This gives the FW-1 product
> the ability to open specific ports that would
Duplicating exactly the FW-1 functionality in an opensource project is not
practical, due to a patent on stateful inspection. This gives the FW-1 product
the ability to open specific ports that would normally be blocked, because, for
example, an FTP protocol request required that port. If you want
Yosi wrote:
> Thanks for the link. It is very interesting. BTW, I didn't want to
> start a flame war on the list, but if I was that guy who asked the
> question, I'd probably use OpenBSD and not Linux. I think that this
> guy will probably install the Firewall on his working machine, which
> is n
Hi All
Can open source, free programs in one way or another get to the level of
options that FW-1 has?
Shachar Shemesh wrote:
>
> Regarding the commercial products available - I know FW-1, and it has very
> high capabilities (it has finer enforcement capabilities than simply using
> IPChai
Hi Eli,
Thanks for the link. It is very interesting. BTW, I didn't want to
start a flame war on the list, but if I was that guy who asked the
question, I'd probably use OpenBSD and not Linux. I think that this
guy will probably install the Firewall on his working machine, which
is not a good
On Thu, Oct 19, 2000, Tzafrir Cohen wrote about "Re: firewall again + Mandrake Demoes":
>...
> I believe some of them were translated to Hebrew by Or. Have a look at
> http://www.ivrix.org.il/projects/guides/guides.html
> (BTW Or: this page needs links up to the homepag
On Thu, 19 Oct 2000 [EMAIL PROTECTED] wrote:
> Hi again,
>
> I probably should have said in my previous post that I'm interested in a
> firewall for my home network connected to ADSL so the suggestions for
> commercial software were not what I was looking for. In any case, thanks for
> all the a
Shachar Shemesh Wrote:
[snip]
> In order to configure
> a firewall, any firewall, you need to really understand what are the threats
> you are facing, and how the firewall you are configuring is meant to help
> you with defending against them. I know, to date, of no product that does
> not requi
Actually, most people have answered this already. I think the best thing is
to understand what a firewall is, assess your needs, and then decide.
First - a firewall is only a tool to enforce your access control. The better
the firewall, you should have a better resolution at defining what it is y
[EMAIL PROTECTED] wrote:
> I'm finally starting to do something about security and I want to install a
> firewall. I've looked around and there are so many programs available that I'd
> like to hear recommendations from people who have used a firewall. Since I'm
> using Mandrake, I looked at thei
You can use FW-1, or Phoenix from Progressive Systems; also if you wait a bit
you can have Raptor on Linux.
If you want to use open source then simple ipchains is good for me (for GUI
configuration use gfcc). Most of the firewalls you will see on cows
are control tools or add-ons to ipchains also know
Hi.
I have personally used pmfirewall and the results are good.
But to give you good advice, just study IPCHAINS and build your own
configuration including only those rules you need.
I admit PMFirewall added the lowest number of "junk" rules but when I built
my own config it was the stronge
Quoth Shaul Karl on Sun, Nov 21, 1999:
> It is my opinion that the sender of the mentioned commercial message has
> succeeded to make it short, informative and tempting enough so that the list
> maintainer decision not to rule it out is justified.
Yup, this was not a typical "$$$ MAKE FIREWALLS
Quoth Oded Arbel on Sun, Nov 21, 1999:
> Is it just me, or did everyone here fail to notice that the
> aforementioned ad was targeted for the webmaster for www.linux.org.il (whoever
> ever that may be) ?
It's just you. I long ago have deleted the message _as it got to
me for approval_, but my co
> Quoth Jan Runyon on Fri, Nov 19, 1999:
> > > Hello Linux Users Group:
> >
> > I don't really know whether it's spam or not, but I decided to
> > approve it. As I approve job offers. If you don't want to see
> > them, tell me, and I will forward such mail to /dev/null (the
> > people in there
> Quoth Jan Runyon on Fri, Nov 19, 1999:
> > Hello Linux Users Group:
>
> I don't really know whether it's spam or not, but I decided to
> approve it. As I approve job offers. If you don't want to see
> them, tell me, and I will forward such mail to /dev/null (the
> people in there are dying to
OZ>> I suppose that there are several Linux-IL subscribers who are NOT
OZ>> interested in job offers or in advertisements.
OZ>> (Personally, I am interested in job offers but not in advertisements.)
I do not really see a need to do this because of 1-2 job offers and
advertisements per month. If a
You *should* put it in rc.d/init.d since it is a service activation. Your
script can run ipchains with rules to put up the firewall on the start
script, and rules to take down the firewall on the shutdown script. Of
course this is if you want to go by the book: Taking down the firewall rules
is me
I suppose that there are several Linux-IL subscribers who are NOT
interested in job offers or in advertisements.
(Personally, I am interested in job offers but not in advertisements.)
This is not an issue of opening a separate list for newbie questions (this
does not work).
So, I suggest that Li
Quoth Jan Runyon on Fri, Nov 19, 1999:
> Hello Linux Users Group:
I don't really know whether it's spam or not, but I decided to
approve it. As I approve job offers. If you don't want to see
them, tell me, and I will forward such mail to /dev/null (the
people in there are dying to read it).
Va
64 matches